Gets tickets forwarded to hostname. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less.

If the ticket have any address, hostname will be used for figure out the address to forward the ticket too. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS. This IPv6 address might be used communications and thus the resulting ticket useless.

Parameters:

context

A kerberos 5 context.

auth_context

the auth context with the key to encrypt the out_data.

ccache

credential cache to use

flags

the flags to control the resulting ticket flags

hostname

the host to forward the tickets too.

in_creds

the in client and server ticket names. The client and server components forwarded to the remote host.

out_data

the resulting credential.

Returns:

Return an error code or 0.

Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets. The session key is used otherwise to encrypt the forwarded ticket.